 
 From:  Raylund Lai <raylund dot lai at kankanwoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Could someone explain this firewall log
 Date:  Sat, 15 Apr 2006 16:19:38 -0400
Hi,

Recently I've had a problem where the outside world can't access my
http/smtp/ssh... services on servers behind m0n0wall.

Here is one of the log entries from when the user at 70.55.224.22 tried
to access my http service.  The server that holds the http is at
192.168.0.21.  I've opened port/nat/server-nat/outbound-nat all together,
and they were working for about half a year.

[X]     16:03:08.498773     WAN     70.55.224.22     192.168.0.21, type unreach/needfrag     ICMP

This is the raw log from status.php:
Apr 15 16:01:03 fw0 ipmon[94]: 16:01:03.317921 ng0 @200:18 b 70.55.224.22 -> 192.168.0.21 PR icmp len 20 576 icmp unreach/needfrag for 192.168.0.21,80 - 70.55.224.22,80 PR tcp len 20 1400 K-S IN

My ISP always blames my m0n0wall/modem.  But they've been working for
half a year without problems.  I already opened icmp and added proxy arp
(shouldn't be needed); at least for pinging/testing.

The ISP is routing my /29 subnet to the dynamically assigned PPPoE IP.

Could someone help me?  I'm running out of ideas on what's going wrong.

Cheers
Raylund